CVE-2023-54048Race Condition within a Thread in Linux

CWE-366Race Condition within a Thread7 documents6 sources
Severity
5.9MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP is destroyed. Since CQs are active during the QP destroy, driver may still schedule completion handlers. This can cause a race where the destroy_cq and poll_cq running simultaneously. Snippet of kernel panic while doin

Affected Packages4 packages

Linuxlinux/linux_kernel4.11.05.15.124+2
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linux1ac5a404797523cedaf424a3aaa3cf8f9548dff8b79a0e71d6e8692e0b6da05f8aaa7d69191cf7e7+4
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54048: In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Prevent handling any completions after qp destroy HW may generate co2025-12-24
OSV
RDMA/bnxt_re: Prevent handling any completions after qp destroy2025-12-24
GHSA
GHSA-4gfv-wqf7-r3g7: In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Prevent handling any completions after qp destroy HW may generate2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Denial of Service in RDMA/bnxt_re driver due to race condition during QP destruction2025-12-24
Debian
CVE-2023-54048: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_r...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54048 Impact, Exploitability, and Mitigation Steps | Wiz